In any given enterprise, there may be several e-business applications that are deployed. In conventional systems, each of these applications will have their own security policies stored in their respective repositories. Allowing these applications to maintain their own policy repositories and embedded policy decision services is inconvenient and unscalable from an administrative perspective. For example, any new application that is installed must maintain and evaluate its own security policies, which is a major administrative inconvenience. Also these policies cannot be shared across applications, therefore, every application must have its own policy enforcement engine to enforce security policies.
Thus, there is a growing need for a centralized enterprise security and provisioning policy framework that can provide capability to define prescriptive policies for various administrative domains, provide capability to define policies for hierarchical administrative domains for a fine-grained delegated administration, provide infrastructure to build policy servers for various security and provisioning policy evaluation decisions, lower application development, deployment and management costs due to the integration with a unified identity and security management, and enable administration and administration delegation of enterprise security policies.
Embodiments of a method and mechanism for a Centralized Enterprise Security Policy Framework which include storing and enforcing enterprise wide security and provisioning policies in a centralized LDAP directory server are disclosed.